Need to get the list of hosts not sending logs to Kibana

Hi,

I need to get a list of hosts not sending logs over two days, for example. A query with Kibana would be awesome!

This isn't possible with most standard logs-oriented indices, because to run this query you need to have a host-oriented index that has a structure like this:

`{ host: 1, last_known_date: 2021-03-15 }`

There is a feature that you can use in Elasticsearch to solve this problem. Transforms let you pivot by host.
